Computer networks and the devices and services that reside on them are often the subject of attacks by parties that are attempting to improperly access information and resources or to introduce malicious code to the networks. One type of attack is based on branch oriented programming, such as jump-oriented programming (JOP) or return-oriented programming (ROP), wherein attackers link together short runs of code already present in a program's address space in order to gain control of programs without relying on code injection. In any case, the injection of code sequences or ROP chains is generally necessary to achieve code execution, and so the presence of apparent exploit-like sequences in a snapshot of process memory may contain evidence of an attempt to exploit a vulnerability in the software.